diff options
Diffstat (limited to 'doc/apps/s_client.pod')
-rw-r--r-- | doc/apps/s_client.pod | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 881fbcfefe..e06af14ec9 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -95,7 +95,7 @@ B<openssl> B<s_client> [B<-serverinfo types>] [B<-status>] [B<-nextprotoneg protocols>] -[B<-noct|requestct|requirect>] +[B<-ct|noct>] [B<-ctlogfile>] =head1 DESCRIPTION @@ -464,14 +464,12 @@ Empty list of protocols is treated specially and will cause the client to advertise support for the TLS extension but disconnect just after receiving ServerHello with a list of server supported protocols. -=item B<-noct|requestct|requirect> +=item B<-ct|noct> -Use one of these three options to control whether Certificate Transparency (CT) -is disabled (-noct), enabled but not enforced (-requestct), or enabled and -enforced (-requirect). If CT is enabled, signed certificate timestamps (SCTs) -will be requested from the server and invalid SCTs will cause the connection to -be aborted. If CT is enforced, at least one valid SCT from a recognised CT log -(see B<-ctlogfile>) will be required or the connection will be aborted. +Use one of these two options to control whether Certificate Transparency (CT) +is enabled (B<-ct>) or disabled (B<-noct>). +If CT is enabled, signed certificate timestamps (SCTs) will be requested from +the server and reported at handshake completion. Enabling CT also enables OCSP stapling, as this is one possible delivery method for SCTs. |